问题
Is it possible to obtaining a licensed developer certificate for signing security-reviewed, community-developed open source SGX software binary in production mode, and publish it on open source repository like apt or rpm?
I just asked Intel SGX team, they said only verified vendors are able to obtain a certificate and run in production mode. It just like Apple’s App Store, no open source code allowed, right?
回答1:
Well, it's possible, but it's a quite complicated task,
You will need to register yourself or your organization as an ISV with Intel, which is not an easy task, i.e. one of the requisites for the Remote Attestation is Mutual TLS, therefore and in order to get it working you need a Certificate which must be publicly available on an URL you control, so trust can be established between Intel and your server.
来源:https://stackoverflow.com/questions/49245509/intel-sgx-developer-licensing-and-open-source-software